asyncrat | bD3K[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

bD3K.exe
Size

47KB
MD5

1123731628b4f82adca1107e18ab7afe
SHA1

172a8c918ce188cdbd4b813dcbc0b1a7ce3b801a
SHA256

f52dd62d30d2920325b07d172f888eae3580f14f2f394d08c8d6e88cd84ff3a2
SHA512

7fe5103ac91aeef1b09a2d96f9b05ca43bcf59be6ecabfcc4f8ae48e6cef99a29ba78113a9b6ce4ea056bebf5225bb8540f2b9a6ad3aeb315d334f0f3a2525fc
SSDEEP

768:4q+s3pUtDILNCCa+DiptelDSN+iV08YbygeUSK1sU3DvEgK/JvZVc6KN:4q+AGtQOptKDs4zb1rG+DnkJvZVclN

Score

10^/10

rat default asyncrat

Malware Config

Extracted

Family

asyncrat

Version

1.0.7

Botnet

Default

C2

parvati.duckdns.org:8973

Mutex

yrksnsbctyvksoeuerbbncv

Attributes

delay
1
install
false
install_folder
%AppData%

aes.plain

Signatures

Async RAT payload 1 IoCs

resource	yara_rule
sample	asyncrat

Asyncrat family
asyncrat

Files

bD3K.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ